IT Controls Director

Job ID: 511139

Exempt

Oldcastle Infrastructure™ , a CRH company, is the leading provider of utility infrastructure solutions for the water, energy, and communications markets throughout North America. We're more than just a manufacturer of precast concrete, polymer concrete, or plastic products. We're a trusted and strategic partner to engineers, contractors, distributors, specifiers, and more. With our network of more than 80 manufacturing facilities and more than 4,000 employees, we're leading the industry with innovation and a safety-first mindset.

Job Summary

Are you ready to be part of a growing organization that is going through a transformation to bring value to CRH at the global level? The Director, IT Controls, is an exciting opportunity to evolve and mature our Governance, Risk, & Compliance organization to bring value to many Business portfolios. This role is empowered to identify and prioritize opportunities for simplification and optimization across key business units. This leader will advance and transform an organization of talent to meet demand through fostering collaboration. They will garner the adoption of key business initiatives and represent the business for the auditors. This individual will ensure that all solutions, with related procedures, adhere to organizational standards, controls, and best practices, according to industry standards.

• Maintain knowledge of developments in the IT risk and controls field that may impact the company, the risk assessment, or the company's audit methodology and procedures.
• Leverage and expand data analytics and digital labor for auditing/testing plans and technical solutions for holistically automating and building testing plans.
• Responsible for designing, testing, and implementing a wide range of digital solutions to support the testing of internal controls for our IT and Financial testing teams.
• Management of internal and external auditors
• Review all IT tests.
• Provide guidance and leadership as Oldcastle Infrastructure implements NIST
• Support compliance with appropriate frameworks of internal controls for financial reporting
• People-focused, with high standards
• Integral team member providing guidance on internal controls compliance throughout business units
• Assist in consultation with members of business and IT regarding the purpose of testing, provide guidance on implementation, and provide suggestions on how to improve. Coordinate with process owners to ensure monitoring of the controls occurs throughout the year
• Communicate project status, concerns, or issues to Management in a timely manner
• Evaluate IT general controls (ITGC) including information security, change management, security, security, computer operations, disaster recovery, and systems development life cycle (SDLC)
• Perform bi-annual IT risk assessment to determine those IT risks to be included in the annual testing plan, as well as identify specific divisional/ location IT risks and objectives
• Represent the business in front of an auditor and challenge where appropriate
• Document, assess, and evaluate automated systems controls, including interface completeness and validity, authentication and authorization, and input/ output controls to support the sensitivity of data and privacy
• Perform proper planning to execute the required test steps by established deadlines with minimal supervision. Be able to prioritize assignments, apply sample size guidelines appropriately, and provide constant and clear feedback to management and the process owners
• Coordinate the ITGC testing with appropriate 3rd parties to increase the efficiency of the external audit
• Monitor and consult regarding significant IT system implementations and upgrades
• Ensures that internal business and operational personnel understand their roles and responsibilities related to internal controls, including the execution of appropriate internal training related to internal controls
• Supervise employees and consultants as needed.
• Travel: 15% (or more as required by business and project needs)

• Bachelor's degree in information systems, Computer Science, Accounting, or related field. A master's degree or relevant certification (e.g., CISA, CISSP, CRISC) is a plus.
• 10+ years of experience in IT compliance, IT audit, or risk management within a public company.

• Deep understanding of SOX 404, NIST Cybersecurity Framework, and COSO principles.
• Proven experience with SAP or other large-scale ERP systems (e.g., Oracle, Microsoft Dynamics).
• Strong understanding of ITGCs, change management, access controls, and data integrity.
• Demonstrated success working with external auditors and managing audit cycles
• Business, Financial, and IT acumen
• Strong Oral and Written Communication, including Presentation Skills
• People Leadership
• Strong Analytical and Problem-Solving Skills

• Highly competitive base pay
• Comprehensive medical, dental and disability benefits programs
• Group retirement savings program
• Health and wellness programs
• An inclusive culture that values opportunity for growth, development, and internal promotion